This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Docs Learn Support
Help
Docs Learn Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to implement column level security?

Go to solution
KailaT
Employee Alumni
Employee Alumni

‎03-16-2022 08:39 AM

There are some business sensitive columns that only certain users should have access to.   For example, only show salary information to executives or users at a certain management level or above. For all other users trying to build insights using this column, mask the data. How do we implement this in Incorta?

Labels:
0 Kudos
4 REPLIES 4

Go to solution
awarrier
Employee
Employee

‎03-16-2022 08:41 AM

You can implement column level security in Incorta by using session variables and formulas. First, create the session variables to identify the groups that the logged in user belongs to. Next, create a formula with the sensitive column and the rule to apply for insight and dashboard consumption. Here is one sample formula for the use case referenced above.

IF($executive_managerial_group = 'Y', HR.Employees.Salary, '******')

Go to solution
AEliza
Cosmonaut

‎05-17-2022 07:46 AM

Can you show us how to create the session variable $executive_managerial_group based on the Group in Incorta? Say, there is a Group (executive_managerial_group) with some users.

0 Kudos

Go to solution
JoeM
Community Manager
Community Manager
In response to AEliza

‎05-17-2022 08:19 AM

HI @AEliza - 

If you're looking to query against Incorta, you can use the following set of cascading logic- 

JoeM_0-1652800759845.png

First, let's find out tenant ID.

$ivar_getTentantID

queryDistinct(
    sch_IncortaMetadata.Tenant.ID,
    sch_IncortaMetadata.Tenant.Name = 'Your tenant name'
)

The retrieve all groups from the tenant.

$ivar_get_groupid

querydistinct(
     sch_IncortaMetadata.Group.ID,
     sch_IncortaMetadata.Group.Name = 'executive_managerial_group',
     sch_IncortaMetadara.Group.TenantID = $ivar_getTentantID
)

Once I create a session variable that finds the group ids, I write another session variable to return users within the group:

$ivar_get_userid

query(
    sch_IncortaMetadata.group_user.userid,
    sch_IncortaMetadata.group_user.group_id = $ivar_get_groupid

then next

 $ivar_get_username

query(
   sch_IncortaMetadata.User.Loginname,
   inlist(sch_IncortaMetadata.UserID, $ivar_get_userid)
)

 

Go to solution
Adetweiler
Astronaut
In response to JoeM

‎07-16-2023 01:08 PM

Hi taking this a step further could you mask the column except for certain groups by data in the row? What i am looking for is to mask the employee column when a year is greater than 2018 (for example)

0 Kudos
Copyright © 2024 Khoros, LLC